fixing nginx SSL handling issue
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/c0fdd4ac Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/c0fdd4ac Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/c0fdd4ac Branch: refs/heads/stratos-4.1.x Commit: c0fdd4ac9aec897c4899a468271ad52102486397 Parents: 702bcf1 Author: reka <[email protected]> Authored: Wed Sep 2 13:11:46 2015 +0530 Committer: reka <[email protected]> Committed: Wed Sep 2 13:15:44 2015 +0530 ---------------------------------------------------------------------- .../src/main/bin/nginx-extension.sh | 3 + .../nginx/extension/NginxConfigWriter.java | 143 +++++++++++++------ 2 files changed, 101 insertions(+), 45 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/stratos/blob/c0fdd4ac/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh ---------------------------------------------------------------------- diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh b/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh index 5deb433..cf9c820 100755 --- a/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh +++ b/extensions/load-balancer/modules/nginx-extension/src/main/bin/nginx-extension.sh 
@@ -30,6 +30,9 @@ properties="-Dnginx.private.ip=127.0.0.1 -Dtemplates.path=${script_path}/../templates -Dtemplates.name=nginx.cfg.template -Dscripts.path=${script_path}/../scripts + -Dnginx.cert.path=/etc/nginx/ssl/server.cert + -Dnginx.key.path=/etc/nginx/ssl/server.key + -Dnginx.server.names.hash.bucket.size=128 -Dconf.file.path=/tmp/nginx.cfg -Dstats.socket.file.path=/tmp/nginx-stats.socket -Dlog4j.properties.file.path=${script_path}/../conf/log4j.properties http://git-wip-us.apache.org/repos/asf/stratos/blob/c0fdd4ac/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java ---------------------------------------------------------------------- diff --git a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java index 6f6a77c..6efc474 100644 --- a/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java +++ b/extensions/load-balancer/modules/nginx-extension/src/main/java/org/apache/stratos/nginx/extension/NginxConfigWriter.java @@ -31,7 +31,9 @@ import java.io.BufferedWriter; import java.io.FileWriter; import java.io.IOException; import java.io.StringWriter; +import java.util.ArrayList; import java.util.Collection; +import java.util.List; /** * Nginx load balancer configuration writer. 
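Review bot: In nginx-extension.sh the certificate and key locations are fixed inside the `properties` string and nothing checks that the files exist before the extension starts, while NginxConfigWriter in this same commit copies these values straight into `ssl_certificate` and `ssl_certificate_key`. A comment above the `properties=` assignment (which begins outside the hunk) would tell operators what is expected, for example `# nginx.cert.path and nginx.key.path must exist before start; the key file should be readable only by the account nginx runs as`. It would also help to state there that `nginx.server.names.hash.bucket.size` must be a plain number, since it is written into the generated configuration as given.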
@@ -60,11 +62,61 @@ public class NginxConfigWriter { StringBuilder configurationBuilder = new StringBuilder(); + List<String> availableProtocols = new ArrayList<>(); + for (Service service : topology.getServices()) { for (Cluster cluster : service.getClusters()) { - generateConfigurationForCluster(cluster, configurationBuilder); + if ((service.getPorts() == null) || (service.getPorts().size() == 0)) { + throw new RuntimeException(String.format("No ports found in service: %s", service.getServiceName())); + } + for(Port port : service.getPorts()) { + if(!availableProtocols.contains(port.getProtocol())) { + availableProtocols.add(port.getProtocol()); + } + } } } + for(String protocol1 : availableProtocols) { + if(log.isDebugEnabled()) { + log.debug("Available protocols : " + protocol1 + "\n"); + } + } + for(String protocol : availableProtocols) { + // Start transport block + configurationBuilder.append("http").append(" {").append(NEW_LINE); + configurationBuilder.append(TAB).append("server_names_hash_bucket_size "). + append(System.getProperty("nginx.server.names.hash.bucket.size")). 
+ append(";").append(NEW_LINE); + for (Service service : topology.getServices()) { + for (Cluster cluster : service.getClusters()) { + if ((service.getPorts() == null) || (service.getPorts().size() == 0)) { + throw new RuntimeException(String.format("No ports found in service: %s", + service.getServiceName())); + } + Port selectedPort = null; + for(Port port : service.getPorts()) { + if(port.getProtocol().equals(protocol)) { + selectedPort = port; + } + } + + if(selectedPort != null) { + if(log.isDebugEnabled()) { + log.debug("The selected Port for cluster: " + cluster.getClusterId() + + " is " + selectedPort.getValue() + " " + + selectedPort.getProtocol() + " " + selectedPort.getProxy()); + } + generateConfigurationForCluster(cluster, selectedPort, configurationBuilder); + } + } + } + configurationBuilder.append("}").append(NEW_LINE); + if(log.isDebugEnabled()) { + log.debug("The generated niginx.conf is: \n" + configurationBuilder.toString()); + } + // End transport block + } + // Start velocity engine VelocityEngine ve = new VelocityEngine(); 
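Review bot: The `http {` context is opened inside `for(String protocol : availableProtocols)`, so a topology that exposes both http and https produces two top-level `http` blocks, which nginx rejects as a duplicate directive; the block should be opened once before the loop and closed once after it. If the blocks are merged, the `upstream` name written by generateConfigurationForCluster needs a per-protocol suffix, because the same hostname would otherwise be declared twice in one context. `System.getProperty("nginx.server.names.hash.bucket.size")` is also appended without a null or format check, so a missing property yields `server_names_hash_bucket_size null;`. The debug message spells the file `niginx.conf` and is logged once per protocol rather than once for the finished configuration. The enclosing method starts and ends outside the hunk.

```java
String bucketSize = System.getProperty("nginx.server.names.hash.bucket.size");
if (bucketSize == null || !bucketSize.matches("\\d+")) {
    throw new RuntimeException("nginx.server.names.hash.bucket.size must be set to a number");
}
// Open the http context once for all protocols.
configurationBuilder.append("http").append(" {").append(NEW_LINE);
configurationBuilder.append(TAB).append("server_names_hash_bucket_size ")
        .append(bucketSize).append(";").append(NEW_LINE);
for (String protocol : availableProtocols) {
    // … unchanged: per-service port selection and generateConfigurationForCluster call …
}
configurationBuilder.append("}").append(NEW_LINE);
if (log.isDebugEnabled()) {
    log.debug("The generated nginx.conf is: \n" + configurationBuilder.toString());
}
```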
@@ -124,58 +176,59 @@ public class NginxConfigWriter { * } * } * @param cluster + * @param port * @param text */ - private void generateConfigurationForCluster(Cluster cluster, StringBuilder text) { - - if((cluster.getMembers() == null) || (cluster.getMembers().size() == 0)) { - return; - } - - // Find port mappings - Member firstMember = (Member) cluster.getMembers().toArray()[0]; - Collection<Port> ports = firstMember.getPorts(); - - for (Port port : ports) { - for (String hostname : cluster.getHostNames()) { - // Start transport block - text.append(port.getProtocol()).append(" {").append(NEW_LINE); - - // Start upstream block - text.append(TAB).append("upstream ").append(hostname).append(" {").append(NEW_LINE); - for (Member member : cluster.getMembers()) { - // Start upstream server block - text.append(TAB).append(TAB).append("server ").append(member.getHostName()).append(":") - .append(port.getValue()).append(";").append(NEW_LINE); - // End upstream server block - } - text.append(TAB).append("}").append(NEW_LINE); - // End upstream block - - // Start server block - text.append(NEW_LINE); - text.append(TAB).append("server {").append(NEW_LINE); + private void generateConfigurationForCluster(Cluster cluster, Port port, StringBuilder text) { + + for (String hostname : cluster.getHostNames()) { + // Start upstream block + text.append(TAB).append("upstream ").append(hostname).append(" {").append(NEW_LINE); + for (Member member : cluster.getMembers()) { + // Start upstream server block + text.append(TAB).append(TAB).append("server ").append(member.getHostName()).append(":") + .append(port.getValue()).append(";").append(NEW_LINE); + // End upstream server block + } + text.append(TAB).append("}").append(NEW_LINE); + // End upstream block + + // Start server block + text.append(NEW_LINE); + text.append(TAB).append("server {").append(NEW_LINE); + if(port.getProtocol().equals("https")) { + text.append(TAB).append(TAB).append("listen ").append(port.getProxy()).append(" 
ssl;").append(NEW_LINE); + } else { text.append(TAB).append(TAB).append("listen ").append(port.getProxy()).append(";").append(NEW_LINE); - text.append(TAB).append(TAB).append("server_name ").append(hostname).append(";").append(NEW_LINE); + } + text.append(TAB).append(TAB).append("server_name ").append(hostname).append(";").append(NEW_LINE); - text.append(TAB).append(TAB).append("location / {").append(NEW_LINE); + text.append(TAB).append(TAB).append("location / {").append(NEW_LINE); + if(port.getProtocol().equals("https")) { + text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB) + .append("https://").append(hostname).append(";").append(NEW_LINE); + } else { text.append(TAB).append(TAB).append(TAB).append("proxy_pass").append(TAB) .append("http://").append(hostname).append(";").append(NEW_LINE); - text.append(TAB).append(TAB).append("}").append(NEW_LINE); - - text.append(TAB).append(TAB).append("location /nginx_status {").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("stub_status on;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("access_log off;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("allow 127.0.0.1;").append(NEW_LINE); - text.append(TAB).append(TAB).append(TAB).append("deny all;").append(NEW_LINE); - text.append(TAB).append(TAB).append("}").append(NEW_LINE); + } + text.append(TAB).append(TAB).append("}").append(NEW_LINE); + + text.append(TAB).append(TAB).append("location /nginx_status {").append(NEW_LINE); + text.append(TAB).append(TAB).append(TAB).append("stub_status on;").append(NEW_LINE); + text.append(TAB).append(TAB).append(TAB).append("access_log off;").append(NEW_LINE); + text.append(TAB).append(TAB).append(TAB).append("allow 127.0.0.1;").append(NEW_LINE); + text.append(TAB).append(TAB).append(TAB).append("deny all;").append(NEW_LINE); + text.append(TAB).append(TAB).append("}").append(NEW_LINE); + + if(port.getProtocol().equals("https")) { + 
text.append(TAB).append(TAB).append("ssl on;").append(NEW_LINE); + text.append(TAB).append(TAB).append("ssl_certificate ").append(System.getProperty("nginx.cert.path")).append (";").append(NEW_LINE); + text.append(TAB).append(TAB).append("ssl_certificate_key ").append(System.getProperty("nginx.key.path")).append (";").append(NEW_LINE); + } - text.append(TAB).append("}").append(NEW_LINE); - // End server block + text.append(TAB).append("}").append(NEW_LINE); + // End server block - text.append("}").append(NEW_LINE); - // End transport block - } } } }
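Review bot: The early return for a cluster without members was removed, so `for (Member member : cluster.getMembers())` now fails if the collection is null (a case the old guard allowed for) and writes an empty `upstream` block when it is empty, which nginx refuses to load; restore `if (cluster.getMembers() == null || cluster.getMembers().isEmpty()) { return; }` at the top of the method. In the https branch, `proxy_pass https://` re-encrypts traffic to the members, but nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are emitted as well, so that hop is unauthenticated as written. `ssl on;` repeats the `ssl` flag already placed on `listen`, and the certificate and key paths come from `System.getProperty` with no null check, so an unset property writes `ssl_certificate null;`. No `ssl_protocols` or `ssl_ciphers` line is generated, which leaves the accepted protocol versions to the defaults of whichever nginx build is installed.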
